The Splunk Search Integration for Security Operations aids in the investigation of a security incident by querying logs in your Splunk deployment for potentially malicious indicators. This integration is compatible with Splunk Enterprise and Splunk for Enterprise Security.
Splunk Search Integration for Security Operations is now available only on the ServiceNow® Store.
The integration lets you use Splunk to run a Sightings Search on observables, either to determine the prevalence of a threat over time or to test remediation efforts. The search can specify one or more observables and a date range.
Fixed:
- During integration configuration, if the user leaves the Link URL field blank, Splunk fails to authenticate even though the field is optional.
Before you can use Splunk Search Integration for Security Operations, you must install the application and add the appropriate API Base URL and login credentials.